Security through Authentication and Encryption - Coursework Example

Security through Authentication and Encryption Abstract Security enhancement strategies do not only allow access to solely employees, who are responsible for maintaining and operating systems, but to manage their systems or online businesses in a way that limits online access so as to prevent any possible threats and attacks. This includes first and foremost the notion that data or any correspondence between the business and the customer to be kept confidential. In order to maintain confidentiality, the need for authentication and encryption arises. Though this is not all that guarantees security on the organization’s network, but still the implementation works far better than any other measures taken to ensure security. Security through authentication and Encryption Security issues are the ones that Government take pride for determining technical standards within the domain of the private sector. Since technology is on its way to implement some technical standards to secure communication mode, first of all it mandates standards to mandate Internet commerce and communication. Among the most significant issue concerning technical standards is the usage of security and authentication. Authentication is not only required in communications between organizations and clients but is also a considerable issue in making electronic payments over the Internet. Depending on the direction and interactivity, authentication requires some previously stored data while communicating online. Authentication while encrypting the data allows any organization to get security over the network, thereby utilizing its resources without any hassle or threat of being attacked by the hacker. Encryption not only provides confidentiality to an organization when most often used with ‘https’ protocol, but by authenticating the data it provides non-repudiation that travels over a network or stored on a system. Except for the fact that authentication gets costly to organization and there is a risk of passwords vulnerability, there are no other limitations for authenticating your network. Since passwords are vulnerable to brute-force attacks or forgetfulness they are also subjected to a threat of weak password authentication. For example if a manager sends an application inclusive of passwords in plain text while not encrypted, to the authenticating server, any network sniffer can figure out the password, whether it is 250 or 2 characters long. A physical form of authentication is deployed in large organizations, government and military agencies that measures physical attributes, called ‘biometrics’. Since it is economically not feasible to implement in small scale businesses therefore, the current scope is not promising, however with the decrease in cost, there is a hope it would be common in the near future. Organizations that use biometric devices usually experience issues of inaccuracy and failure. For example current biometric technologies often create a hassle for organization’s customers because they incur false negatives i.e., they sometimes deny access to even an authorized customer for which customers get frustrated. They are also subjected to false positives i.e., providing access to an unauthorized user. Authentication leads to error when a customer who is wearing a bandage on the finger tries to authenticate himself. In case the biometric devices fail, there is a probability of not providing password authentication. Reauthentication: In today’s workplace there is a hassle of remembering passwords and procedures to log on. Reauthentication indicates that customers or managers are liable to re-authenticate several times just to get into the business application they really want to use, and often need to repeatedly authenticate throughout the day when moving from one application to another (Andress, 2003, p. 108). This way the user is forced to secure his account against attacker, and keep an eye on periodic password change, as the password expirations often takes place. Encryption provides benefit to online companies where customer’s (buyer or seller) priority is to maintain anonymity while at the same time in case of multiple small transactions he is likely to save tax levy (Currie & Wiley, 2000, p. 56). Today there is a conflicting debate that concerns security issues and asks whether the questions of free speech, censorship, pornography is possible with the accessibility of officials and politicians through electronic mail, intellectual property rights, the legal position and liabilities of anonymous remailers, the ability to dispose of secure encryption, and the facilities afforded by secure ISH networks to drug-traffickers and money-launderers (Loader, 1997, p. 166). Problems: Problems occur in circumstances where one has to carry out a ‘retail’ online interaction with its clients. Since online interaction requires the ability of the software to first access a database and detect relevant information of the client so as to take appropriate action. Therefore sometimes it becomes very hectic for the client as well as for the customer. An example can be derived from the Social Security Administration (SSA) department where an individual can claim to acquire his or her provision of Personal Earnings and Benefits Estimate Statement (PEBES) information. Therefore in order to deliver the statement, an on-line query is required to access the database that has stored individual’s information regarding his or her total earnings and benefits (Neu et al, 1999, p. 20). So far so good but as soon as the system extracts the particular information, it enters into an accumulated repository of private individual data for process completion where its demand gets more complicated because it starts authenticating the individual by often asking personal questions. Not only the process gets hectic for the customer as it usually acquires a lot of time, but also it is risky due to the reason that it uses real-time use of a database, and whenever such use of a database is utilized, it must be done with error-checking programs so as to help to guide users and assure the consistency of their responses. Costing: In order to cover the high costs, organizations or government agencies suffer through the hands of shortage of resources to meet their current demands. State officials declare that while resources demands increases, they are supposed to provide their services with the latest software online which leads them to a situation where they experience hardware or bandwidth shortages. Such shortages often lead them to the threshold of difficulties where they suffer even technical staff shortage. Another problem occurs when state servers get overloaded, in this situation it is very time consuming and difficult to catch up while going through the authentication or encryption process. It seems many state representatives feel no use of authentication or encryption services because they feel it is difficult to periodically update their capacity to manage growth in implementing authentication measures. State officials believe that besides day to day cost they have to deal with other issues like increasing demand of numbers of transactions and heightened speed and reliability demands. After all how they can ignore the costs that are associated with daily maintenance, upgradation and administration of such a computing-and-communication environment. Military Encryption: Military encryption differs from what we call commercial or civilian encryption (easily available). Since military encryption algorithms are not easily available, to many military officials they seem useless to implement, however mandatory for the intelligence applications, encryption is usually done in hardware. There is always a threat of the encryption process to be corrupted by revealing information, therefore it is difficult to search and implement standard algorithms. On the other hand, digital compression techniques are used to geo-locate emitters or finding targets. Depending upon the noise pollution of the environment, the task gets more difficult when one defence is to multiply sources of background electronic clutter shaped to foil intercept techniques that rely on distinguishing real signal patterns (Gongora & Riekhoff, 2000, p. 44). Since encryption helps voice traffic to be controlled, therefore it favours military activities by expanding resources to scatter emitters in military areas. This way the military gets opportunities to divert resources from other missions. While combining the triple-digital encryption standard (DES) and applying it for communication lets even the best code-breaking computers useless. This happens because breaking a code is harder than creating one and becomes increasingly harder as the key lengthens. Another drawback of encryption is that it is often misinterpreted that encryption is supposed to be the solution of even those security problems that it does not address. For this purpose it is often oversold and overuse with no benefits to the deployed organization. For example, a common perception is that encryption stops computer crackers, however encryption offers no such protection. In fact encryption is not applicable to protect against many common methods of attack, including those that exploit bad default settings or vulnerabilities in network protocols or software-even encryption software. Key distribution Problem: Private Key encryption is not possible to deploy in an open e-commerce system for the reason that it uses the same key for encryption as well as decryption purposes (Chan et al, 2001, p. 209). This indicates a need to establish a secret key while dealing with every customer. Since it is not technically reasonable to establish a secret key every time, while maintaining confidentiality therefore key distribution methods are not adopted in an open e-commerce system. Processing Time: Although encryption can ensure data confidentiality in e-commerce but is time consuming, particularly in situations where software is implemented online and customer input is large. It is often seen in man cases customers are more concerned about data integrity rather than data confidentiality. Obviously, encryption provides data integrity as well as confidentiality but at the expense of a longer processing time. However encryption when combined with a range of anonymous services could lead to a situation where practically all communications hesitate lawful interception and documents from lawful search and seizure, and where all electronic transactions are beyond the reach of any government regulation or oversight. This way the consequences of encryption to organizations and public departments seem like a threat to social or economic society as can be misused. It also suggests that encryption can be misused in criminal activities. It is also not very appreciable to use encryption as national security by interfering with foreign intelligence operations since it threats and is imposed as a control in many countries. Encryption when misused can cause possibility of stealing proprietary electronic information to a competitor without the need to photocopy and handle physical documents. There is a vast range of complex interdependencies that continues to reshape the global high-resolution commercial remote sensing market. Therefore it finds encryption techniques useful as long as it continues to study and evaluate the evolution of this market to ensure that its policy objectives are being met. In this case country like United States finds authentication to regulate mechanisms like shutter control so as to provide an equitable balance between economic considerations and national security concerns. There is a threat when such shutter controls are being overused, it may drive potential customers to foreign imagery providers but such a control is required to create incentives for its high-resolution commercial remote sensing industry to dominate the global market. This aspect invites the threat of exploitation as one has to fulfil a certain criteria of imagery providers i.e., to use only USG approved encryption devices that allow USG access during periods of shutter control, especially when coupled with the potential to use digital data for deception. This is so because there are some possibilities left whenever the systems are left operative rather than shutting them off (UN, 2003, p. 42). There are obvious problems on the part of state regulatory or sectoral self-regulation for which technological solutions placed in the hands of individuals, such as public-key encryption, are finding favour. That indicates for a private sector, it is easier to resolve the problems of privacy protection on the information superhighway, because that requires more than physical security, authentication and the authorisation of access which technological solutions handle. Safeguarding privacy is the concern of U.S Government; therefore it must be built in to new technologies and their applications. Privacy impact assessments and their consideration in public forums could make a valuable contribution; therefore the main concern is to use encryption for maintaining privacy. While developing large public policy and economic issues, government must be able to tackle in deciding upon the role of technologically related solutions. The security of any organization is hidden in depending upon its ability to cope up with preventing malicious attacks and tracking unauthorized acts. Most organization leaders believe that they have secured their systems by using security products like firewalls. Of course firewall is not enough and not the only solution that guarantees security. Instead there is a need to strong user authentication and encryption along with other techniques and policies that can hep in creating user accountability and confidentiality so as to ensure the security of an e-business. References Andress Amanda, (2003) Surviving Security: How to Integrate People, Process, and Technology: Auerbach Publications: Boca Raton, FL. Chan Henry, Lee Raymond, Dillon Tharam & Chang Elizabeth, (2001) E-Commerce: Fundamentals and Applications: Wiley: New York. Currie Wendy & Wiley John, (2000) The Global Information Society: Chichester, England. Gongora Thierry & Riekhoff Von Herald, (2000) Toward a Revolution in Military Affairs? Defense and Security at the Dawn of the Twenty-First Century: Greenwood Press: Westport, CT. Loader D. Brian, (1997) The Governance of Cyberspace: Politics, Technology and Global Restructuring: Routledge: London. Neu C, Richard, Anderson H. Robert & Bikson K. Tora, (1999) Sending Your Government a Message: E-Mail Communication between Citizens and Government: Rand: Santa Monica, CA. UN, (2003) Outer Space and Global Security: United Nations Institute For Disarmament Research - orgname: UNIDIR: Geneva. Read More